by JohnFen 2401 days ago
I genuinely don't understand your question.

I don't need to distinguish between the two because I'm talking about my own network and machines, not other people's.


I mean, how does a browser distinguish the two? How does it know that it's running on a device owned by the network operator, as opposed to the (probably more common) case that the device owner distrusts the network operator?

It can't, but it is a strange reality in which we absolve users of responsibility to manage their own network in order to protect them, in a way that exposes the users to new threats that even responsible ones can do very little about.

So it's irresponsible to connect to public Wi-Fi? Or, for that matter, to directly connect to a cellular network or any commercial ISP's service, without a router in the middle?

I don't buy it. Even if you do route all DNS through a resolver on your router, that's hardly "protected", unless that resolver is itself using DNS over HTTPS (or TLS). Do you trust your ISP? I don't, and like most of the US I'm not in much of a position to switch. But even if I did trust my ISP, I wouldn't trust that the entire path from me to whatever DNS server the router is contacting (whether it's a recursive resolver or an authoritative one) was free of intelligence agency taps. In fact it seems much more likely that there is a tap somewhere.

I still don't understand. Why would the browser need to do such a thing? The issues I have with DoH have nothing to do with the browser.